
RAT-type programs have become the most popular type of malicious software used by cybercriminals to steal credentials, payment data, and other critical information, experts have warned. In particular, we are talking about SpyNote and its derivatives - Spymax RAT or Craxs RAT. Read more about how the most popular cybercriminal tool works, how dangerous it is and how to protect yourself from it in the Izvestia article.

What programs are the most popular among hackers

Izvestia was told by Angara Security specialists - experts in the field of digital forensics - that RAT-type programs have become the most popular weapon of attack.

According to their data, this includes SpyNote and its derivatives - Spymax RAT or Craxs RAT. This is confirmed by Kaspersky Lab's research, according to which the number of attacks on Android device owners using the SpyNote spyware and its variants will increase 4.5 times in Russia in 2024.


"This type of malware is most often delivered to devices through the use of messengers," Angara Security experts say. "The attacker asks the victim to install the malware under various pretexts."

Then, pretending to be a security officer of a bank or other agency, the fraudster gives the victim clear instructions. Following them lowers the smartphone's security settings and installs the malware, which secretly steals data. In addition, the attacker is able to remotely control the phone, capture camera images and microphone audio, read SMS, and download and send files.

Why RAT-type programs are popular with scammers

The abbreviation RAT most often stands for Remote Access Trojan, says Anton Kargin, an expert of the RAT analysis group of the Solar 4RAYS Cyber Threat Research Center, Solar Group. On the one hand, this malware allows an attacker to remotely control an endpoint device (for example, a victim's computer or cell phone).


But the dangers don't end there: it's not for nothing that "rat" is also the English word for the rodent. Angara Security explains that the attacker tries to make the malicious application mimic a legitimate one, so that the victim installing it does not suspect that it might be malware.

"Cyber fraud cases using Android malware are becoming more sophisticated and insidious," emphasizes Nikita Leokumovich, Head of Digital Forensics and Cyber Intelligence at Angara Security.

In turn, Dmitry Ovchinnikov, head of the Laboratory of Strategic Development of cybersecurity products of the Analytical Center for Cyber Security "Gazinformservice", notes that developers originally conceived RAT not as malware but as an aid for administering computers, because it provides rich functionality for remote control of a device.

But in the hands of attackers, RAT quickly became a popular tool for illegal access. As the expert explains, if you use social engineering techniques against an untrained user and convince him to install software with the RAT virus inside or just RAT on his device, then cybercriminals will have full access to the compromised gadget.


"Once RAT is installed, cybercriminals can do whatever they want with the gadget," emphasizes Anton Kargin. "The possibilities are limited only by the functionality of the program itself."

How hackers distribute programs like RAT

According to Vladislav Kugan, an analyst of the Threat Intelligence Department of the F.A.S.S.T. company, there are a number of methods of infecting the devices of potential victims with RAT-type malware.

1. Phishing attacks

Attackers often use fake emails that contain infected attachments or links to malicious resources. On mobile devices, these attacks may include links to fake apps or documents that install RATs when opened.

2. Social engineering

Attackers manipulate users into downloading and installing malware disguised as useful programs on their own. This is especially dangerous on mobile devices, as the user may not notice the hidden permissions requested by the malware.


3. Exploiting vulnerabilities in systems

Attackers actively seek out and exploit vulnerabilities in operating systems, browsers, and applications to automatically install RATs without the user's knowledge. For example, vulnerabilities in Android or older versions of iOS have allowed RATs to be injected via exploits when opening web pages or processing certain files.

4. Third-party app stores

Installing apps from unofficial sources, especially on Android, greatly increases the risk of RAT infection. Attackers often embed malware in modified versions of popular apps, which are then distributed via third-party stores or forums.


5. Public Wi-Fi networks

Using unsecured public Wi-Fi networks poses a risk of devices being infected with RATs through Man-in-the-Middle attacks. In such cases, attackers can intercept data sent over the network or inject malicious code directly onto a connected device.

How to protect yourself from RAT attacks

Like any malware, RAT becomes dangerous only after it is installed and run on the target device, says Ilya Efimov, cybersecurity threat research analyst at R-Vision, in a conversation with Izvestia. Therefore, in order to protect against RAT, a comprehensive approach is needed.


"Regularly update your operating system and applications," the expert advises. "Developers, when releasing new versions, not only add new features, but also fix bugs and eliminate vulnerabilities that can be exploited by attackers."

In turn, Dmitry Kalinin, cybersecurity expert at Kaspersky Lab, advises not to follow links from dubious messages, download applications only from official sources, and use a protective solution on smartphones - it will help detect malicious code on the device and will not allow you to install malware.


Shaih Galiev, head of the PT Sandbox expertise department at Positive Technologies' anti-virus laboratory, adds that anti-virus programs for mobile devices are necessary because malware is not easy to detect on your own: it makes efforts to disguise its activity.

"Before installing any application, carefully study the requested permissions," concludes Ilya Efimov. "If the application requires access to functions that do not correspond to its purpose, it is better to refuse installation."
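The permission check advised above can be automated before an APK is installed. The following is an added example, not part of the Izvestia article: it reads `uses-permission` lines in the style printed by `aapt dump permissions` and flags permissions that gate the capabilities described earlier (camera, microphone, SMS, files) when they do not fit the app's stated purpose. The sample dump, the package name and the purpose allow-list are constructed for illustration.

```python
import re

P = "android.permission."

# Permissions gating the capabilities the article attributes to SpyNote-type RATs.
SENSITIVE = {
    P + "CAMERA": "camera capture",
    P + "RECORD_AUDIO": "microphone recording",
    P + "READ_SMS": "reading SMS",
    P + "RECEIVE_SMS": "intercepting incoming SMS",
    P + "SEND_SMS": "sending SMS",
    P + "READ_EXTERNAL_STORAGE": "reading files",
    P + "WRITE_EXTERNAL_STORAGE": "writing files",
    P + "REQUEST_INSTALL_PACKAGES": "installing other apps",
}

# Hypothetical allow-list (an assumption): what a stated purpose plausibly needs.
EXPECTED = {
    "flashlight": {P + "CAMERA"},
    "messenger": {P + "CAMERA", P + "RECORD_AUDIO",
                  P + "READ_EXTERNAL_STORAGE", P + "WRITE_EXTERNAL_STORAGE"},
}

# Accepts both "uses-permission: name='X'" and the older "uses-permission: X".
PERM_RE = re.compile(r"^uses-permission(?:-sdk-\d+)?:\s*(?:name=)?'?([\w.]+)'?", re.M)

# Constructed sample: a "flashlight" app asking for far more than a torch needs.
SAMPLE_DUMP = """\
package: com.example.flashlight
uses-permission: name='android.permission.CAMERA'
uses-permission: name='android.permission.INTERNET'
uses-permission: name='android.permission.READ_SMS'
uses-permission: name='android.permission.RECORD_AUDIO'
uses-permission: android.permission.REQUEST_INSTALL_PACKAGES
"""

def parse_permissions(dump: str) -> set:
    """Return the set of permission names declared in the dump."""
    return set(PERM_RE.findall(dump))

def audit(dump: str, purpose: str) -> list:
    """List (permission, capability) pairs that do not fit the stated purpose.
    An unknown purpose has an empty allow-list, so every sensitive
    permission is reported."""
    allowed = EXPECTED.get(purpose, set())
    return sorted((p, SENSITIVE[p]) for p in parse_permissions(dump)
                  if p in SENSITIVE and p not in allowed)

if __name__ == "__main__":
    for perm, capability in audit(SAMPLE_DUMP, "flashlight"):
        print(f"does not match purpose: {perm} ({capability})")
```

Any reported permission is a reason to refuse installation or investigate the app further; an empty result does not by itself prove an app is safe.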
